Did the whole pairdrop repo just vanished?
terrytw opened this issue · comments
App version
Lastest
Android version
12
Describe the bug
I don't know whether this is the best place to put up this issue, honestly I don't know a better place, at least it is connected to this project
Steps to reproduce the bug
Well go to https://github.com/schlagmichdoch/PairDrop
Stacktrace
No response
Screenshots and additional context
No response
Good question. I have absolutely no idea what happened... The whole user account of the pairdrop maintainer doesn't exist anymore.
As I wasn't informed by him, I don't think that was intentional.🤔
The whole user account of the pairdrop maintainer doesn't exist anymore.
Yeah I noticed that as well. Maybe he got hacked...I DMed him on reddit too but no response so far.
The whole user account of the pairdrop maintainer doesn't exist anymore.
Yeah I noticed that as well. Maybe he got hacked...I DMed him on reddit too but no response so far.
Where did you message him? Going to https://www.reddit.com/user/schlagmichdoch reveals that the account was deactivated
The whole user account of the pairdrop maintainer doesn't exist anymore.
Yeah I noticed that as well. Maybe he got hacked...I DMed him on reddit too but no response so far.
Where did you message him? Going to https://www.reddit.com/user/schlagmichdoch reveals that the account was deactivated
Yes that is exactly to whom I messaged. His account was not deactivated then.
If his reddit account is gone too, my guess is that he got some real big change IRL instead of being hacked. I hope he is all right.
Hey @terrytw ,
@schlagmichdoch here. I'm using my second account as GitHub has somehow shadow hidden my main account from the public including all my repositories, alongside any PR, issue or comment I ever created on other repos.
They also deleted some issues and many comments I made completely using an automation called hubot.
Logged into my main account, everything looks normal. I did not get any notification by GitHub about this and I only recognized that something was off, as all of the image URLs that link to assets in one of my repositories return a 404 and are not visible to anyone (including me). First, I thought this was some kind of disturbance with GitHub itself but apparently everything was up and running normally. Only after finding a blog post on medium.com which described the exact same situation I knew what was going on.
If you want to read into it, it's a good blog post by a guy to whom this happened 4 years ago who has since moved over to GitLab:
https://medium.com/@catamphetamine/how-github-blocked-me-and-all-my-libraries-c32c61f061d3
Depending on the outcome of this ordeal, I really need to think about moving ship too.
GitHub has notified me on Saturday via an E-Mail stated 'Password reset and token revocation notification due to suspicious activity'. This is normally sent to users if they were hacked and their account is used for distribution of malware. Although I'm quite certain that I was not hacked, I changed my password and activated 2FA since.
The whole situation is super weird and frustrating as I was about to release a major update to PairDrop. I'm also completely invisible in any communication which is very eery.
I have filed a complained via a support ticket to reinstate my account yesterday.
The blog post says GitHub responded after a week, others estimate it takes around 2 weeks until they respond. Until then, I will use this account for communicating my current situation, so I cannot do anything but be patient..
My reddit handle is schlagmichhalt and my mail address is sonnig-02.hieven@icloud.com if you want to contact me directly.
Take care!
@stil-blue Hi I am glad that you are all right!
I got your reddit reply as well, I am just going to answer it here since I don't think it involves anything particularly private:
How did you recognize it being vanished?
I was just going to check on the commit history since I am quite interested in the upcoming new release you mentioned the other day. So I went to https://github.com/schlagmichdoch/PairDrop/ and I got this:
That is it, sorry the story is just this short and I cannot provide more information. Then I tried https://github.com/schlagmichdoch it is still 404. Then I just posted this issue, because I thought maybe the maintainer here knows about what happened.
I finished reading the article you linked, and it is a good read, funny guy, good story, but I honestly am a bit contradicted and don't know what to feel.
I hope you succeed with the appeal, and I respect your decision no matter where you go next.
Hi @stil-blue,
Glad to hear that you are fine! Definitely wouldn't have expected Github to behave that impulsive, but let's just hope the best. And don't let it get you down, we all appreciate your great work!
Cheer up!
Thanks for the kind words!
They will have their reasons for restricting the account. I'm just really annoyed that I did not get notified at all about the procedure. As the blog post states it would be understandable to put the account into read-only but shadow hiding is not transparent and really restrictive.
I guess it's gonna be alright. I will keep you updated!
@stil-blue In the meantime, I'd like to suggest pointing the GitHub links from pairdrop.net/#about to this issue or any other place explaining the situation.
Thanks
@KaKi87 That is a good idea.
I will point the GitHub button to this issue and the FAQ button to a forked FAQ.
You can find code and docs of the latest fork here:
README / code
https://github.com/babstar99/PairDrop
Docs
https://github.com/babstar99/PairDrop/blob/master/docs/host-your-own.md
FAQ
https://github.com/babstar99/PairDrop/blob/master/docs/faq.md
Hey @terrytw ,
@schlagmichdoch here. I'm using my second account as GitHub has somehow shadow hidden my main account from the public including all my repositories, alongside any PR, issue or comment I ever created on other repos. They also deleted some issues and many comments I made completely using an automation called hubot.
Logged into my main account, everything looks normal. I did not get any notification by GitHub about this and I only recognized that something was off, as all of the image URLs that link to assets in one of my repositories return a 404 and are not visible to anyone (including me). First, I thought this was some kind of disturbance with GitHub itself but apparently everything was up and running normally. Only after finding a blog post on medium.com which described the exact same situation I knew what was going on. If you want to read into it, it's a good blog post by a guy to whom this happened 4 years ago who has since moved over to GitLab: https://medium.com/@catamphetamine/how-github-blocked-me-and-all-my-libraries-c32c61f061d3
Depending on the outcome of this ordeal, I really need to think about moving ship too.
GitHub has notified me on Saturday via an E-Mail stated 'Password reset and token revocation notification due to suspicious activity'. This is normally sent to users if they were hacked and their account is used for distribution of malware. Although I'm quite certain that I was not hacked, I changed my password and activated 2FA since.
The whole situation is super weird and frustrating as I was about to release a major update to PairDrop. I'm also completely invisible in any communication which is very eery.
I have filed a complained via a support ticket to reinstate my account yesterday.
The blog post says GitHub responded after a week, others estimate it takes around 2 weeks until they respond. Until then, I will use this account for communicating my current situation, so I cannot do anything but be patient..
My reddit handle is schlagmichhalt and my mail address is sonnig-02.hieven@icloud.com if you want to contact me directly.
Take care!
My dear...
So... never trust big companies owned by billionairs...
Host your own forgejo-instance and you are on again with a great git.
Host your own gitlab-instance and you are on again with another great git.
Host your repo on codeberg.org (which uses forgejo) and your are part of a big community NOT owned by a fucking billionair...
The fine thing on forgejo is, it will sometimes federate... so you can have your own git-server and create federated issues, comments and so on... the next step git. :)
And... get a fediverse-account... reddit is the next bad thing, owned by billionairs.
Lemmy https://github.com/LemmyNet/lemmy is a very good alternative to reddit... selfhostable, federating (with the whole fediverse)...
The account is still not back. @stil-blue anything new?
Nope. It's outrageous but 20 days after creating the ticket, support has yet to answer it. I'll definitely move ship next week.
The only thing that I have found out is that my account is flagged as spam which is different to what I thought (username/reponame seems ok). I guess it's just a shitty spambot on their end which falsely flagged me.
@stil-blue :) You can still count on me for financial and compute ressource capacity. If you want i could even start an own gitlab instance (i currently know only gitlab and github to administer). Waiting for orders ;)
https://i.pinimg.com/originals/f4/8f/f6/f48ff6788b636c39117b0e8fb0b4f3d0.jpg
i currently know only gitlab
If you can instanciate GitLab then you can for sure instanciate Forgejo, which is dead simple in comparison (it's a single executable and a single config file).
Also, it's way less resource-consuming and it's UI is way simpler.
@stil-blue if you are in the EU, you can send Github a GDPR Data Subject Request to ask them if any automated decision making was made, how they prevent errors in the process and how you can challenge the decision.
https://noyb.eu/en/exercise-your-rights-article-22-be-protected-automated-decision-making
Can you please clarify whether you had 2fa enabled prior to this?
@stil-blue Hey, any updates on this? Really unfortunate situation you're in, hope GitHub fixes this soon.
I’m back!
Just a quick update that everything seems to be back to normal.
Tonight suddenly my cronjob succeeded again: https://75dgf6sc.status.cron-job.org/
Once again I have not gotten any notification from GitHub and my tickets are still unanswered.
I will evaluate the situation in the next hours and check if everything is as expected. I will probably still move the repo after the next release and turn the repo here into a mirror. For now, I’m just happy that all the information in the issues, PR and comments is not lost.
Cheers
Dominik
I’m just happy that all the information in the issues, PR and comments is not lost.
By the way, Forgejo can import those (I don't know about GitLab but I don't think so).
I’m just happy that all the information in the issues, PR and comments is not lost.
By the way, Forgejo can import those (I don't know about GitLab but I don't think so).
I have read that and it’s great! All of these imports use GitHub plugins though and these are disabled for flagged accounts so that wasn‘t an option until now.
these are disabled for flagged accounts so that wasn‘t an option until now.
Of course, that's why I only mentioned that now.
I’m just happy that all the information in the issues, PR and comments is not lost.
Great news!
Once again I have not gotten any notification from GitHub and my tickets are still unanswered.
I did some napkin math and it seems to be around 30 days after the incident, maybe there is some kind of automatic system which they rely on probably too much.
@schlagmichdoch I'm considering closing this issue, do you want to continue the discussion here or publish some kind of announcement on the front page of your repo?
these are disabled for flagged accounts so that wasn‘t an option until now.
I was wrong here. I have used the migration tool of Codeberg and they use an access token and the GitHub API which would have worked while being flagged.
While GitLab uses a plugin feature which is blocked when flagged, Codeberg uses the GitHub API which makes migrating PR and issues possible.
I did some napkin math and it seems to be around 30 days after the incident, maybe there is some kind of automatic system which they rely on probably too much.
I have had that thought too. It's 32 days which is a weird automatic limit but possible of course. Sadly, they have only unflagged my account but have not restored deleted issues and comments. As soon as everything is restored, I will migrate the repo to Codeberg. Thanks to everyone for the recommendation!
@schlagmichdoch I'm considering closing this issue, do you want to continue the discussion here or publish some kind of announcement on the front page of your repo?
Sure, go ahead! I have added a pinned issue to the main repo here: schlagmichdoch/PairDrop#284. Anyone interested should subscribe to the issue as I will post anything new over there.
Also, I have reverted the changes to pairdrop.net to point to the main repository again.
Hi!
I have had that thought too. It's 32 days which is a weird automatic limit but possible of course. Sadly, they have only unflagged my account but have not restored deleted issues and comments. As soon as everything is restored, I will migrate the repo to Codeberg. Thanks to everyone for the recommendation!
great News!
Thank you for this step.
See you there!